Lg Security Vulnerabilities
Allocation of Resources Without Limits or Throttling vulnerability in LG Electronics LG SuperSign CMS allows Port Scanning.This issue affects LG SuperSign CMS: from 4.1.3 before <...
6.5AI Score
0.0004EPSS
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED...
5.3CVSS
7AI Score
0.0004EPSS
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED...
9.1CVSS
7.1AI Score
0.0004EPSS
This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG...
6.3CVSS
6.9AI Score
0.0004EPSS
This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG...
3CVSS
4.2AI Score
0.0004EPSS
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone...
5.5CVSS
5.4AI Score
0.0004EPSS
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()"...
5CVSS
4.4AI Score
0.001EPSS
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a....
3.6CVSS
4.2AI Score
0.0004EPSS
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...
5.5CVSS
5.4AI Score
0.0004EPSS
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
6.1CVSS
4.5AI Score
0.0004EPSS
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...
7.8CVSS
7.6AI Score
0.0005EPSS
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...
6.3CVSS
6.3AI Score
0.0004EPSS
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could...
7.8CVSS
7.6AI Score
0.0005EPSS
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could...
7.8CVSS
7.6AI Score
0.0005EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper...
7.5CVSS
7.3AI Score
0.002EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper....
7.5CVSS
7.3AI Score
0.002EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper....
9.8CVSS
9.6AI Score
0.019EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation.....
9.8CVSS
9.6AI Score
0.019EPSS
A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the...
6.1CVSS
6AI Score
0.001EPSS
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is...
7.8CVSS
7.7AI Score
0.001EPSS
Integer overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being...
7AI Score
0.003EPSS
9.8CVSS
9.3AI Score
0.002EPSS
V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV...
7.8CVSS
7.8AI Score
0.0004EPSS
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is...
7.8CVSS
7.7AI Score
0.0004EPSS
Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is...
6.1CVSS
6.3AI Score
0.0005EPSS
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in _COMPONENT of LG Electronics (LGPCSuite_Setup),...
5.6CVSS
5.5AI Score
0.001EPSS
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain...
9.8CVSS
9.1AI Score
0.007EPSS
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router...
7.5CVSS
7.8AI Score
0.004EPSS
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh...
7.5CVSS
7.8AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr"...
6.1CVSS
6.3AI Score
0.003EPSS
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any...
5.5CVSS
5.6AI Score
0.001EPSS
The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Build 63 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI...
6.9AI Score
0.013EPSS